Lucene search
Bien Pham (@bienpnn) from Team Orca of Sea Security (security.sea.com)ZDI-22-410HistoryFeb 22, 2022 - 12:00 a.m.
(Pwn2Own) Cisco RV340 upload.cgi sessionid Improper Input Validation Authentication Bypass Vulnerability
2022-02-2200:00:00
Bien Pham (@bienpnn) from Team Orca of Sea Security (security.sea.com)
www.zerodayinitiative.com
14
0.099 Low
EPSS
Percentile
94.9%
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Cisco RV340 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the sessionid parameter provided to the upload.cgi endpoint. The issue results from the lack of proper validation of the user-supplied sessionid cookie. An attacker can leverage this vulnerability to bypass authentication on the system.
Related
zdi
zdi
cvelist
cvelist
CVE-2022-20705 Cisco Small Business RV Series Routers Vulnerabilities
2022-02-10 00:00:00
nvd
nvd
CVE-2022-20705
2022-02-10 18:15:09
cve
cve
CVE-2022-20705
2022-02-10 18:15:09
prion
prion
Authentication flaw
2022-02-10 18:15:00
zdt
zdt
Cisco RV Series Authentication Bypass / Command Injection Exploit
2023-02-14 00:00:00
packetstorm
packetstorm
Cisco RV Series Authentication Bypass / Command Injection
2023-02-14 00:00:00
metasploit
metasploit
Cisco RV Series Authentication Bypass and Command Injection
2023-02-05 15:15:16
rapid7blog
rapid7blog
Metasploit Wrap-Up
2023-02-17 21:17:16
nessus
nessus
threatpost
threatpost
Critical Cisco Bugs Open VPN Routers to Cyberattacks
2022-02-03 20:15:54
thn
thn
Critical Flaws Discovered in Cisco Small Business RV Series Routers
2022-02-03 14:05:00
cisco
cisco
Cisco Small Business RV Series Routers Vulnerabilities
2022-02-02 16:00:00